This screenshot shows the app analytics data sent by two different #iOS apps: Duolingo and Tinder. What's the likelihood that both apps are installed on the same device? 💯? 🤯

Both apps use Unity Ads. The data in the screenshot is collected by the Unity Ads framework included in these two apps, and any app that uses Unity Ads. The data is sent to the same Unity server. As a result, Unity Ads can easily fingerprint users and track them across different apps.

#privacy #tracking #Apple #infosec

Hey #gnome and #kde people, since you are at #fosdem could you maybe discuss what it would take to make a common toolkit (Linux toolkit?) that would appeal to both #c and #cpp devs? Basically covering both platforms so we could converge. Maybe #swiftlang? Fork of #Kotlin native? Seems to me we would be better off with people writing mobile apps for Linux desktop, than people writing web apps and Electron garbage on desktop.

Fully aware of xkcd.com/927/

in reply to Emmanuele Bassi

@ebassi there might be a misunderstanding here. I asked to discuss what it would take to make a toolkit that both desktops would use. To discuss an idea. You can also say that you are not interested, which obviously you are not.

The reason that I asked is an interesting question that popped up in KDE camp - if they should change their programming language as a modernization(?) effort. This is an extension of the same question including both camps.

Version 1.2.0 of the xdg-utils is out! :drgn_box:

Please test them! (But don't deploy yet)

Thank you to everyone else who contributed and thanks to Simon for the trust and maintainer work! :drgn_heart:


We need more eyes on that code! :drgn_notice:

The xdg-utils are children of their time, shell scripts that by and large don’t follow a “modern” scripting style …

… which means that there is a lot of work to catch up on and any changes should be reviewed by more people than they currently are.
In case you want to help:
Just pick something that seems interesting and doable for you and open an issue/merge request.

Things that need to be done:

  • Read the code and try to find mistakes (Usage of external tools, escaping, …)
  • Find mistakes in open merge requests.
  • Review, research and fix issues.
  • Improve tests
  • Improve documentation
  • Rebase old merge requests
  • Improve Cygwin and MacOS support
  • etc.

:neofox_solder: :neocat_science: :drgn_wrench:

#freedesktop #xdg #xdgUtils #xdg_utils #linux

And while I’m at it I might also hijack #fosdem for this. :drgn_dark_mlem:

in reply to Slatian

Version 1.2.1 of the xdg-utils is out!

With two of the most obvious bugs fixed. :drgn_wrench:

Thanks to the people who helped with finding and fixing! :neofox_glasses: :neocat_laptop: :opensuse:

#freedesktop #xdg #xdgUtils #xdg_utils #linux

in reply to Kelly Shortridge

While working tech support, I got a call on a Monday. Some VPNs which had been working on Friday were no longer working. After a little digging, we found the negotiation was failing due to a certificate validation failure.

The certificate validation was failing because the system couldn’t check the certificate revocation list (CRL).

The system couldn’t check the CRL because it was too big. The software doing the validation only allocated 512kB to store the CRL, and it was bigger than that. This is from a private certificate authority, though, and 512kB is a *LOT* of revoked certificates. Shouldn’t be possible for this environment to hit within a human lifespan.

Turns out the CRL was nearly a megabyte! What gives? We check the certificate authority, and it’s revoking and reissuing every single certificate it has signed once per second.

The revocations say all the certificates (including the certificate authority’s) are expired. We check the expiration date of the certificate authority, and it’s set to some time in 1910. What? It was around here I started to suspect what had happened.

The certificate authority isn’t valid before some time in 2037. It was waking up every second, seeing the current date was after the expiration date and reissuing everything. But time is linear, so it doesn’t make sense to reissue an expired certificate with an earlier not-valid-before date, so it reissued all the certs with the same dates and went to sleep. One second later, it woke up and did the whole process over again. But why the clearly invalid dates on the CA?

The CA operation log was packed with revocations and reissues, but I eventually found the reissues which changed the validity dates of the CA’s certificate. Sure enough, it reissued itself in 2037 and the expiration date was set to 2037 plus ten years, which fell victim to the 2038 limitation. But it’s not 2037, so why did the system think it was?

The OS running the CA was set to sync with NTP every 120 seconds, and it used a really bad NTP client which blindly set the time to whatever the NTP server gave it. No sanity checking, no drifting. Just get the time, set the time. OS logs showed most of the time, the clock adjustment was a fraction of a second. Then some time on Saturday, there was an adjustment of tens of thousands of seconds forward. The next adjustment was hundreds of thousands of seconds forward. Tens of millions of seconds forward. Eventually it hit billions of seconds backwards, taking the system clock back to 1904 or so. The NTP server was racing forward through the 32-bit timestamp space.

At some point, the NTP server handed out a date in 2037 which was after the CA’s expiration. It reissued itself as I described above, and a date math bug resulted in a cert which expired before it was valid. So now we have an explanation for the CRL being so huge. On to the NTP server!

Turns out they had an NTP “appliance” with a radio clock (i.e., a CDMA radio, GPS receiver, etc.). Whoever built it had done so in a really questionable way. It seems it had a faulty internal clock which was very fast. If it lost upstream time for a while, then reacquired it after the internal clock had accumulated a whole extra second, the server didn’t let itself step backwards or extend the duration of a second. The math it used to correct its internal clock somehow resulted in dramatically shortening the duration of a second until it wrapped in 2038 and eventually ended up at the correct time.

Ultimately found three issues:
• An OS with an overly-simplistic NTP client
• A certificate authority with a bad date math system
• An NTP server with design issues and bad hardware

Edit: The popularity of this story has me thinking about it some more.

The 2038 problem happens because when the first bit of a 32-bit value is 1 and you use it as a signed integer, it’s interpreted as a negative number in 2’s complement representation. But C has no protection from treating the same value as signed in some contexts and unsigned in others. If you start with a signed 32-bit integer with the value -1, it is represented in memory as 0xFFFFFFFF. If you then use it as an unsigned integer, it becomes the value 4,294,967,296.

I bet the NTP box subtracted the internal clock’s seconds from the radio clock’s seconds as signed integers (getting -1 seconds), then treated it as an unsigned integer when figuring out how to adjust the tick rate. It suddenly thought the clock was four billion seconds behind, so it really has to sprint forward to catch up!

In my experience, the most baffling behavior is almost always caused by very small mistakes. This small mistake would explain the behavior.

reshared this
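
The two integer failure modes in this story and the missing client-side check, as an added C example that is not part of the original post: a signed clock difference read as unsigned, a 2037 date plus ten years stored in 32 bits, and a step limit that refuses implausible NTP adjustments. The function names, the 1000-second limit and the timestamps are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_STEP_SECONDS 1000        /* assumed policy limit for this example */
#define TEN_YEARS_S      315576000LL /* 10 * 365.25 days */

/* What a signed 32-bit time_t stores for t: the value modulo 2^32, read as
   two's complement. Done by hand so the result is well-defined C. */
static int64_t wrap_to_int32(int64_t t)
{
    uint32_t u = (uint32_t)t;
    return (u & 0x80000000u) ? (int64_t)u - 4294967296LL : (int64_t)u;
}

/* The suspected bug: a signed clock difference read back as unsigned.
   "Local clock is 1 s fast" (-1) becomes "about 4.29 billion s behind". */
static uint32_t offset_as_unsigned(int32_t reference_s, int32_t local_s)
{
    return (uint32_t)((int64_t)reference_s - (int64_t)local_s);
}

/* The check the post says the client lacked: keep the offset signed and
   refuse implausible steps instead of setting the clock blindly. */
static int64_t apply_checked(int64_t local_s, int64_t server_s)
{
    int64_t offset = server_s - local_s;
    if (offset < -MAX_STEP_SECONDS || offset > MAX_STEP_SECONDS)
        return local_s;              /* reject; a real client would also log */
    return server_s;
}

int main(void)
{
    /* Constructed sample values, not taken from the incident. */
    int64_t now_2024 = 1706918400;   /* 2024-02-03 00:00:00 UTC */
    int64_t bad_2037 = 2114380800;   /* 2037-01-01 00:00:00 UTC */

    printf("offset seen as unsigned: %u\n", (unsigned)offset_as_unsigned(100, 101));
    printf("2037 + 10y in 32 bits:   %lld\n", (long long)wrap_to_int32(bad_2037 + TEN_YEARS_S));
    printf("clock after bogus step:  %lld\n", (long long)apply_checked(now_2024, bad_2037));
    printf("clock after small step:  %lld\n", (long long)apply_checked(now_2024, now_2024 + 1));
    return 0;
}
```

The wrapped expiry is a negative timestamp, which is how a certificate can end up expiring before it becomes valid.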

i love how apple's hardware devices ship day one with substantial accessibility built in -- here's a video overview of #a11y features on #VisionPro.

been fun to be part of the conversations over the years, super proud of the teams that shipped all this --
youtube.com/watch?v=E1DLpGWOUs…

The UK government is planning to scrap millions of unused SARS-CoV-2 vaccine doses, which could have been used to vaccinate previously ineligible groups for free, after they closed the autumn booster campaign.

Meanwhile, pharmacies have just been authorised to offer Covid vaccines at a massive £45 a pop, thus excluding the poorest sections of the population.

And the new scheme starts on...yes you've guessed..April 1st.

#Covid19 #Vaccines #NHSPrivatisation

theguardian.com/world/2024/feb…

#fosdem
#ipv6mostly by @Oskar456

fosdem.org/2024/schedule/event…

For me the traditional #IPv6only is good enough on Linux, but...
...the corner cases and DNSSEC.

On the other hand:
konecipv4.cz/en/

I prefer dns64 and removing A-Records. (it solves also some corner cases, but it breaks DNSSEC completely 😬)

GNOME Beers is starting in an hour! Join us at Pommodoro (Rue du Progrès 31, 1210 Saint-Josse-ten-Noode, Bruxelles, Belgium) starting at 8:00 PM. All are welcome to join, we’d love you to come along and socialize, meet staff, and chat with core contributors. foundation.gnome.org/2024/01/2…

#GNOME #FOSDEM #GNOMEBeers

Apple Documents Apple Vision Pro Accessibility Features: Including VoiceOver and Zoom Guides applevis.com/blog/apple-docume…

Two configurations that make it easier to find you and your content on #Mastodon:
– Enable search for your public posts: fedi.tips/how-do-i-opt-into-or…
– Mention your Mastodon profile on GitHub. You enter the URL of the profile and GitHub shows Mastodon icon & address: github.com/rauschma

The slides from my second #FOSDEM talk of the day - What can digital open source projects do to reduce our environmental footprint - are up. It is a lightning talk, so not a lot of text, but, I think the notes are available.
docs.google.com/presentation/d…

So great to be on the stage with @moodle #OpenFisca #TruBudget & #OSPOPlusPlus

New tutorial posted: A Quick Look: Viewing Information and Managing Settings of Installed Apps

Throughout our journey with our Android devices, we often install and use various apps, each of which consumes resources and uses certain permissions. If you wish to obtain more information about a specific app on your device, in addition to managing various related settings, accomplishing this is a straightforward process. Table of Content…

accessibleandroid.com/a-quick-… #Android

I'm very happy to see how far the #IzzyOnDroid repository has come. Especially with all the recent scanner updates it has become so much more than "a secondary repo to get more FOSS app from".

I'd argue at this point it may very well be the most secure and well-maintained repository of #FOSS apps on #Android.

apt.izzysoft.de/fdroid/

Muahahaha, Postillon again:

Lucky for Deutsche Bahn: Windows 3.11 administrator who boarded a train to a job interview in 1993 has just arrived in Berlin

der-postillon.com/2024/02/wind…

"Unfortunately, my train then had the delay typical of the railway…" 🤣

"but first he wants to go home to Stuttgart […], by car".

“I would love to have the environmental impact numbers for Drupal, that the Wagtail has for Wagtail”

@mgifford speaking about accessibility and web sustainability at #FOSDEM. Figured the @wagtail group would appreciate this. More below, with a link to his talk

fosdem.org/2024/schedule/event…

in reply to Laryn Kragt Bakker

@laryn Curious if you were at my presentation on Saturday. No worries either way. But look at what Drupal, WordPress and Wagtail are talking about sustainability.

We have to start talking about the impact of our work... making public commitments and changing the culture of how we work.

I don't know exactly what that would look like for CiviCRM or Backdrop.

in reply to Mike Gifford, CPWA

I was not, but am picking up bits via posts I'm finding and am interested in the topic. Thanks for all you're doing in this arena! I've posted in the Backdrop live chat and curious to see if others there are also interested.

Edit: To perhaps clarify my earlier question, it was largely in regard to a comment that was not actually from you: "looking forward to opportunities for inter-CMS collaboration in the sustainability space"

in reply to Laryn Kragt Bakker

@laryn From our side, the biggest opportunities are a repeat of something like accessibilitycluster.com/ with a sustainability focus – and standardisation efforts like w3c.github.io/sustyweb/. Concrete example: github.com/w3c/sustyweb/issues…

My slides from my first talk at #FOSDEM this year - Web Accessibility and Environmental Sustainability and with Popular CMS

docs.google.com/presentation/d…

It was a great opportunity to share how #accessibility & #sustainability are related.

This image was the result of an experiment playing with an AI image generator. I had asked for a blue bird in the shape of a padlock, as a potential way to symbolize email encryption in our software. I brought some stickers with it to #Fosdem and many visitors of our #Thunderbird booth took one, because we were already out of other stickers. I'd like to clarify, it is NOT an official image of our project, it was created just for fun.

How long have you had your Gmail or Outlook (Hotmail) account? 5, 10, 15 years?

Here's how the two compare in 2024: tuta.com/blog/outlook-vs-gmail

But to save you some reading: Better make a fresh start and take back your privacy now! 😉 Here's why 👇👇👇

Thundertalk Alert! ⚡ 🎙️

At 17:10, @brendan and Sean Burke will be giving their talk on going from rot to Rust in the Rust devroom at FOSDEM (H.1308 Rolin) 🦀

If you can't scuttle over, you can watch the stream (live.fosdem.org/watch/h1308) or watch and chat (chat.fosdem.org/#/room/#2024-h…)

#Thunderbird #FOSDEM #Rust

The top Mastodon post from the first day of #fosdem so far is this post from @thunderbird:

mastodon.online/users/thunderb…

It has over 51 stars 🤩

I hope everyone got their Thunderbird sticker!


Don't forget to visit Team Thunderbird at our stand in Building K, Level 1, B8! We've got great people to talk to and those sweet stickers we previewed!

#Thunderbird #FOSDEM #stickers


Enforcing rights over used images. Intense. I have a blog with an archive going back to 2007, so I'm curious how much of this I'll get 🙈 vzhurudolu.cz/prirucka/picrigh… #links